Hi!
SASL::SCRAM package uses [SASL::CreateNonce] to generate a random string, and it doesn't work well if /dev/urandom is not available, because it tries to call md5_bin and fails because md5_init wasn't called.
I'd like to propose the following patch to SASL.tcl (I've made it for an AS distribution, so the line numbers and filename are a bit off):
--- SASL-1.3.2.tm.orig Mon Nov 26 15:27:07 2012
+++ SASL-1.3.2.tm Mon Jan 13 10:46:51 2014
@@ -636,6 +636,7 @@
}
}
if {[string length $bytes] < 1} {
+ md5_init
set bytes [md5_bin [clock seconds]:[pid]:[expr {rand()}]]
}
return [binary scan $bytes h* r; set r]

User Comments:

aku added on 2014-01-21 17:29:30:

Fix in revision [8175173735].
Committed.
Pushed.
Thank you for the report, and patch.

aku added on 2014-01-21 17:22:24:

Yes, that looks right.
Will apply.
(Should add tests for CreateNonce, if that is a public command).

This page was generated in about
0.01s by
Fossil 2.9 [831e1af254] 2019-03-18 10:38:15